starred/authelia-admin
1
0
Fork 0
mirror of https://github.com/asalimonov/authelia-admin.git synced 2026-04-25 22:55:52 +03:00
Code Issues 16 Projects Releases 6 Packages Wiki Activity

[GH-ISSUE #37] Question regarding Traefik #100

New issue
Closed
opened 2026-02-27 12:33:12 +03:00 by kerem · 0 comments
kerem commented 2026-02-27 12:33:12 +03:00
Owner
Copy link

Originally created by @arcoast on GitHub (Dec 7, 2025).
Original GitHub issue: https://github.com/asalimonov/authelia-admin/issues/37

I've been using authelia for years and have it working with Traefik, but struggling with the routing with authelia-admin.

My Authelia config is as follows, running on a dedicated subdomain

services:
    authelia:
        image: ghcr.io/authelia/authelia:4.39
        container_name: authelia
        command:
            - "authelia"
            - "--config=/deploy/configuration.server.yml"
            - "--config=/deploy/configuration.ldap.yml"
            - "--config=/deploy/configuration.acl.yml"
            - "--config=/deploy/configuration.identity.providers.yml"
            - "--config=/deploy/configuration.oidc.clients.yml"
        networks:
            - authelia
            - ldap
            - traefik
#        ports:
#            - 9091:9091
        environment:
            - TZ=${TZ}
            # Authelia Templating
            - X_AUTHELIA_CONFIG_FILTERS=${X_AUTHELIA_CONFIG_FILTERS}
            # Extras For Templating
            - DOMAIN=domain.com
            - X_AUTHELIA_SMTP_ADDRESS=${X_AUTHELIA_SMTP_ADDRESS}
            - X_AUTHELIA_SMTP_USERNAME=${X_AUTHELIA_SMTP_USERNAME}
            - X_AUTHELIA_EMAIL=${X_AUTHELIA_EMAIL}
            - X_AUTHELIA_SITE_NAME=${X_AUTHELIA_SITE_NAME}
            - X_AUTHELIA_DUO_HOSTNAME=${X_AUTHELIA_DUO_HOSTNAME}
            - X_AUTHELIA_LDAP_DOMAIN=${X_AUTHELIA_LDAP_DOMAIN}
        volumes:
            - ${DEPLOY}/authelia/authelia:/deploy # configuration files
            - ${CONFIG}/authelia/authelia:/config # sqlite database location
        restart: unless-stopped
        labels:
            - "traefik.enable=true"
            - "traefik.docker.network=traefik"
            - "traefik.http.services.authelia.loadbalancer.server.port=${APPLICATION_PORT}"
            - "traefik.http.routers.authelia.service=authelia"
            - "traefik.http.routers.authelia.entrypoints=websecure"
            # - "traefik.http.routers.authelia.rule=Host(`authelia.domain.com`)"
            - "traefik.http.routers.authelia.rule=Host(`authelia.domain.com`) && !PathPrefix(`/auth-admin/`)"
            - "traefik.http.routers.authelia.middlewares=authelia@file, securityHeaders@file"

My authelia-admin configuration is done using environmental variables

    authelia-admin:
        image: ghcr.io/asalimonov/authelia-admin:latest
        container_name: authelia-admin
        networks:
            - authelia
            - ldap
            - traefik
        ports:
            - 9093:9093
        environment:
            - TZ=${TZ}
            - PORT=9093
            - HOST=0.0.0.0
            - TRUSTED_ORIGINS=https://authelia.domain.com
            # - NODE_TLS_REJECT_UNAUTHORIZED=0
            - AAD_AUTHELIA_DOMAIN=authelia.domain.com
            - AAD_AUTHELIA_COOKIE_NAME=authelia_session
            - AAD_AUTHELIA_MIN_AUTH_LEVEL=1
            - AAD_AUTHELIA_ALLOWED_USERS=
            - AAD_DIRECTORY_TYPE=lldap-graphql
            - AAD_DIRECTORY_LLDAP_GRAPHQL_ENDPOINT=http://lldap:17170/api/graphql
            - AAD_DIRECTORY_LLDAP_GRAPHQL_USER=admin
            - AAD_DIRECTORY_LLDAP_GRAPHQL_PASSWORD=LDAPPASSWORD
            - AAD_DIRECTORY_LLDAP_GRAPHQL_LDAP_HOST=lldap
            - AAD_DIRECTORY_LLDAP_GRAPHQL_LDAP_PORT=389
            - AAD_DIRECTORY_LLDAP_GRAPHQL_LDAP_BASE_DN="dc=domain,dc=com"
        volumes:
            # - ${CONFIG}/authelia/authelia-admin/config.yml:/opt/authelia-admin/config.yml:ro
            - ${DEPLOY}/authelia/authelia:/deploy
            - ${CONFIG}/authelia/authelia:/config
            - ${CONFIG}/authelia/authelia-admin/authelia:/data
        restart: no
        depends_on:
            - authelia
        healthcheck:
            test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:9093/"]
            interval: 30s
            timeout: 10s
            retries: 3
        labels:
            - "traefik.enable=true"
            - "traefik.docker.network=traefik"
            - "traefik.http.services.authelia-admin.loadbalancer.server.port=9093"
            - "traefik.http.routers.authelia-admin.service=authelia-admin"
            - "traefik.http.routers.authelia-admin.entrypoints=websecure"
            - "traefik.http.routers.authelia-admin.rule=Host(`authelia.domain.com`) && PathPrefix(`/auth-admin/`)"
            - "traefik.http.routers.authelia-admin.middlewares=authelia@file, securityHeaders@file"

If I go to authelia.domain.com I can successfully use Authelia, however trying to browse to https://authelia.domain.com/auth-admin results in a 500 error code and an internal server error.

Looking in the browser logs

Image

Docker logs for authelia-admin are fine

dtail authelia-admin
2025-12-07T11:06:13.277836359Z Listening on http://0.0.0.0:9093

I can browse to http://SERVER_IP:9093/auth-admin and see the following page

Image

The Authelia link points to http://SERVER_IP:9093 and the Authelia-Admin link points to http://SERVER_IP:9093/auth-admin

I understand this may be out of scope for support as it's almost certainly a Traefik issue, but I did notice that I think you're using Traefik yourself based on the compose file here

I did wonder if it might be a CORS issue, however I'm using the same Traefik routing with PathPrefix in another stack (running /.well-known/matrix/) on my root domain to facilitate OIDC in my Synapse server.

Would be very grateful for any advice, help or insights you might be able to offer.

One other thought I had, is that as you can see I've split my Authelia config file into multiple files to help with readability/editing, and I wondered if that might impact things.

Originally created by @arcoast on GitHub (Dec 7, 2025). Original GitHub issue: https://github.com/asalimonov/authelia-admin/issues/37 I've been using authelia for years and have it working with Traefik, but struggling with the routing with authelia-admin. My Authelia config is as follows, running on a dedicated subdomain ```yaml services: authelia: image: ghcr.io/authelia/authelia:4.39 container_name: authelia command: - "authelia" - "--config=/deploy/configuration.server.yml" - "--config=/deploy/configuration.ldap.yml" - "--config=/deploy/configuration.acl.yml" - "--config=/deploy/configuration.identity.providers.yml" - "--config=/deploy/configuration.oidc.clients.yml" networks: - authelia - ldap - traefik # ports: # - 9091:9091 environment: - TZ=${TZ} # Authelia Templating - X_AUTHELIA_CONFIG_FILTERS=${X_AUTHELIA_CONFIG_FILTERS} # Extras For Templating - DOMAIN=domain.com - X_AUTHELIA_SMTP_ADDRESS=${X_AUTHELIA_SMTP_ADDRESS} - X_AUTHELIA_SMTP_USERNAME=${X_AUTHELIA_SMTP_USERNAME} - X_AUTHELIA_EMAIL=${X_AUTHELIA_EMAIL} - X_AUTHELIA_SITE_NAME=${X_AUTHELIA_SITE_NAME} - X_AUTHELIA_DUO_HOSTNAME=${X_AUTHELIA_DUO_HOSTNAME} - X_AUTHELIA_LDAP_DOMAIN=${X_AUTHELIA_LDAP_DOMAIN} volumes: - ${DEPLOY}/authelia/authelia:/deploy # configuration files - ${CONFIG}/authelia/authelia:/config # sqlite database location restart: unless-stopped labels: - "traefik.enable=true" - "traefik.docker.network=traefik" - "traefik.http.services.authelia.loadbalancer.server.port=${APPLICATION_PORT}" - "traefik.http.routers.authelia.service=authelia" - "traefik.http.routers.authelia.entrypoints=websecure" # - "traefik.http.routers.authelia.rule=Host(`authelia.domain.com`)" - "traefik.http.routers.authelia.rule=Host(`authelia.domain.com`) && !PathPrefix(`/auth-admin/`)" - "traefik.http.routers.authelia.middlewares=authelia@file, securityHeaders@file" ``` My authelia-admin configuration is done using environmental variables ```yaml authelia-admin: image: ghcr.io/asalimonov/authelia-admin:latest container_name: authelia-admin networks: - authelia - ldap - traefik ports: - 9093:9093 environment: - TZ=${TZ} - PORT=9093 - HOST=0.0.0.0 - TRUSTED_ORIGINS=https://authelia.domain.com # - NODE_TLS_REJECT_UNAUTHORIZED=0 - AAD_AUTHELIA_DOMAIN=authelia.domain.com - AAD_AUTHELIA_COOKIE_NAME=authelia_session - AAD_AUTHELIA_MIN_AUTH_LEVEL=1 - AAD_AUTHELIA_ALLOWED_USERS= - AAD_DIRECTORY_TYPE=lldap-graphql - AAD_DIRECTORY_LLDAP_GRAPHQL_ENDPOINT=http://lldap:17170/api/graphql - AAD_DIRECTORY_LLDAP_GRAPHQL_USER=admin - AAD_DIRECTORY_LLDAP_GRAPHQL_PASSWORD=LDAPPASSWORD - AAD_DIRECTORY_LLDAP_GRAPHQL_LDAP_HOST=lldap - AAD_DIRECTORY_LLDAP_GRAPHQL_LDAP_PORT=389 - AAD_DIRECTORY_LLDAP_GRAPHQL_LDAP_BASE_DN="dc=domain,dc=com" volumes: # - ${CONFIG}/authelia/authelia-admin/config.yml:/opt/authelia-admin/config.yml:ro - ${DEPLOY}/authelia/authelia:/deploy - ${CONFIG}/authelia/authelia:/config - ${CONFIG}/authelia/authelia-admin/authelia:/data restart: no depends_on: - authelia healthcheck: test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:9093/"] interval: 30s timeout: 10s retries: 3 labels: - "traefik.enable=true" - "traefik.docker.network=traefik" - "traefik.http.services.authelia-admin.loadbalancer.server.port=9093" - "traefik.http.routers.authelia-admin.service=authelia-admin" - "traefik.http.routers.authelia-admin.entrypoints=websecure" - "traefik.http.routers.authelia-admin.rule=Host(`authelia.domain.com`) && PathPrefix(`/auth-admin/`)" - "traefik.http.routers.authelia-admin.middlewares=authelia@file, securityHeaders@file" ``` If I go to `authelia.domain.com` I can successfully use Authelia, however trying to browse to `https://authelia.domain.com/auth-admin` results in a 500 error code and an internal server error. Looking in the browser logs <img width="886" height="699" alt="Image" src="https://github.com/user-attachments/assets/cc606f3e-ecd0-437d-a11c-0fc7d4d0f21b" /> Docker logs for authelia-admin are fine ``` dtail authelia-admin 2025-12-07T11:06:13.277836359Z Listening on http://0.0.0.0:9093 ``` I can browse to http://SERVER_IP:9093/auth-admin and see the following page <img width="796" height="507" alt="Image" src="https://github.com/user-attachments/assets/c5acbaa9-a2a4-447a-a3fe-c9d6156c2d20" /> The Authelia link points to `http://SERVER_IP:9093` and the Authelia-Admin link points to `http://SERVER_IP:9093/auth-admin` I understand this may be out of scope for support as it's almost certainly a Traefik issue, but I did notice that I think you're using Traefik yourself based on the compose file [here](https://github.com/asalimonov/authelia-admin/blob/main/docker-compose.yml) I did wonder if it might be a CORS issue, however I'm using the same Traefik routing with PathPrefix in another stack (running `/.well-known/matrix/`) on my root domain to facilitate OIDC in my Synapse server. Would be very grateful for any advice, help or insights you might be able to offer. One other thought I had, is that as you can see I've split my Authelia config file into multiple files to help with readability/editing, and I wondered if that might impact things.
kerem closed this issue 2026-02-27 12:33:12 +03:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
fix/new-user-password-not-set
dependabot/npm_and_yarn/svelte-6535ca4039
dependabot/npm_and_yarn/vite-35a443a342
dependabot/npm_and_yarn/tailwind-97bcedbae3
dependabot/npm_and_yarn/types-054763cb3e
dependabot/npm_and_yarn/eslint-plugin-svelte-3.16.0
dependabot/npm_and_yarn/inlang/paraglide-js-2.15.1
dependabot/npm_and_yarn/typescript-eslint-8.57.1
dependabot/npm_and_yarn/yaml-2.8.3
dependabot/npm_and_yarn/sqlite3-6.0.1
dependabot/npm_and_yarn/serve-14.2.6
dependabot/github_actions/docker/metadata-action-6
dependabot/github_actions/docker/setup-buildx-action-4
dependabot/github_actions/docker/login-action-4
dependabot/github_actions/docker/build-push-action-7
feature/postgres
feature/playwright
feature/group-management
feature/i18n
feature/lldap-graphql
feauture/lldap-graphql
docs/license
bug/unhealthy-docker
v1.1.0
v1.0.0
v0.1.0
v0.0.3
v0.0.2
v0.0.1
Labels
Clear labels   
enhancement

   
pull-request

Mirrored from GitHub Pull Request

No labels
enhancement
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/authelia-admin#100
No description provided.